Posted by: Anonymous Coward
on November 04, 2005 07:18 PM
The real problem is, there IS a standard we go by. We need to come up with a way to be far from standard in each use.
Having everyone depend on one algorithm is stupid. People have thought md5 alone was fairly safe, and it never really was. It's just math. Then everyone sticks in the same functions and the world is running the same security algorithm. Practically all the CMSs use it and they are run on loosely protected servers.
Great for government spying though :)
We need differences in programs. No one should use the same basic algorithm alone.
Theoretically, in YOUR design, invert the bits then use a SHA-256. In MY design, I invert the ASCII of the user's first name and multiply it by the MD5. They have to get the hash, and dissect MY code to know what I did. Too many go straight to the algorithm.
At least being creative adds another level by being NON Standard.
Maybe, in a more secure design, they make x many passes, or generate a much larger value, and make people hold that hash on a memory stick.
Maybe create undeleting cookies, so only the machine on which access began has the large hashes.
I think security should have no standard, just complex algorithms and additional manipulations of the data before or after it. Then it's up to protecting the servers and the hashes as well as the software itself.
If one program is compromised, it doesn't affect so many others. Give me some creative programming and a BIG hash. :)
The bottom line is, if it can be made, it can be broken. We need to add our own variables to the standards, keep the coding difficult to read, make it complex enough to take a while to reverse, and protect access to any of the above as much as we can.
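The post above asks for three things: a transform that differs "in each use", "x many passes", and "a much larger value". As an added example that is not part of the original comment, the code below puts the post's "invert the bits then use a SHA-256" idea side by side with the standardized way of getting those same three properties: a random per-user salt (the "own variable"), an iteration count (the passes) and a 64-byte output, using PBKDF2-HMAC-SHA256 from Python's standard library. The function names, the sample passwords and the 100,000-pass count are my own choices, not anything the post specifies. The check at the end shows the property a practitioner cares about: with a keyless transform, two users who pick the same password end up with identical stored values (so one precomputed table serves every site using that transform), whereas a per-user salt makes each stored value unique even though the algorithm itself is public and standard.

```python
import hashlib
import hmac
import os

PASSES = 100_000   # iteration count; chosen for this example, tune to your hardware
OUT_LEN = 64       # 64-byte derived value, i.e. a "BIG hash" in the post's words


def invert_bits_then_sha256(data: bytes) -> bytes:
    """The post's 'invert the bits then SHA-256' transform, written out as a function.
    It has no secret input, so the same password always maps to the same value."""
    return hashlib.sha256(bytes(b ^ 0xFF for b in data)).digest()


def store_keyless(password: str) -> dict:
    """Store a password the way the post suggests: a fixed, keyless transform."""
    return {"salt": b"", "passes": 1, "hash": invert_bits_then_sha256(password.encode())}


def derive(password: str, salt: bytes, passes: int) -> bytes:
    """Salted, iterated derivation (PBKDF2-HMAC-SHA256, a published standard).
    The salt is the per-user variable; the pass count is the work factor."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, passes, dklen=OUT_LEN)


def store_salted(password: str, passes: int = PASSES) -> dict:
    """Store a password with a fresh random 16-byte salt drawn from the OS CSPRNG."""
    salt = os.urandom(16)
    return {"salt": salt, "passes": passes, "hash": derive(password, salt, passes)}


def verify(password: str, record: dict) -> bool:
    """Recompute from the stored salt and pass count; compare in constant time."""
    candidate = derive(password, record["salt"], record["passes"])
    return hmac.compare_digest(candidate, record["hash"])


def same_password_same_value(store, password: str) -> bool:
    """Register the same password for two different users with the given storage
    function and report whether their stored values collide."""
    first = store(password)
    second = store(password)
    return first["hash"] == second["hash"]


if __name__ == "__main__":
    # Constructed sample password; both users happen to choose it.
    pw = "correct horse battery staple"
    print("keyless transform collides across users:", same_password_same_value(store_keyless, pw))
    print("salted derivation collides across users:", same_password_same_value(store_salted, pw))
    rec = store_salted(pw)
    print("verify correct password:", verify(pw, rec))
    print("verify wrong password:", verify(pw + "!", rec))
    print("derived length (bytes):", len(rec["hash"]))
```

Running it prints `True` for the keyless transform and `False` for the salted one, then `True`, `False`, `64`. The point of the comparison is that the "difference in each use" the post wants comes from a per-record random value that is stored in the clear next to the hash, not from hiding which algorithm was used; the algorithm can stay standard, reviewed and shared by everyone while every deployment and every user still produces distinct values.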